Generation/Revocation of Tenant Admin SSO Link (#219)

toharm · slavikm · web-flow · commit 1b5698abcbe9 · 2025-07-23T16:23:16.000-07:00
* Added to TenantService - generation and revocation of admin/config SSO link &amp; testing.

* Fixed request body, revoke link, next: adding proper testing

* fix test

* Added Request/Response class for mock testing. Fixed lint issues &amp; generate success test.

* lint 1

* lint 2

* alphabetical order is hard

* addIfNotNull population

* more testing

* added integration testing

* fixed request struct

* added a period

* Bump version

---------

Co-authored-by: Slavik Markovich &lt;s@descope.com&gt;
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
     <groupId>com.descope</groupId>
     <artifactId>java-sdk</artifactId>
     <modelVersion>4.0.0</modelVersion>
-    <version>1.0.46</version>
+    <version>1.0.47</version>
     <name>${project.groupId}:${project.artifactId}</name>
     <description>Java library used to integrate with Descope.</description>
     <url>https://github.com/descope/descope-java</url>
diff --git a/src/main/java/com/descope/literals/Routes.java b/src/main/java/com/descope/literals/Routes.java
@@ -126,6 +126,8 @@ public static class ManagementEndPoints {
     public static final String LOAD_ALL_TENANTS_LINK = "/v1/mgmt/tenant/all";
     public static final String TENANT_SEARCH_ALL_LINK = "/v1/mgmt/tenant/search";
     public static final String GET_TENANT_SETTINGS_LINK = "/v1/mgmt/tenant/settings";
+    public static final String GENERATE_SSO_CONFIGURATION_LINK = "/v2/mgmt/tenant/adminlinks/sso/generate";
+    public static final String REVOKE_SSO_CONFIGURATION_LINK = "/v1/mgmt/tenant/adminlinks/sso/revoke";
 
     // SSO
     public static final String SSO_GET_SETTINGS_LINK = "/v1/mgmt/sso/settings";
diff --git a/src/main/java/com/descope/model/tenant/request/GenerateTenantLinkRequest.java b/src/main/java/com/descope/model/tenant/request/GenerateTenantLinkRequest.java
@@ -0,0 +1,21 @@
+package com.descope.model.tenant.request;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class GenerateTenantLinkRequest {
+  String tenantId;
+  /** Expiration duration in seconds. */
+  @JsonProperty("expireTime")
+  long expireDuration;
+  String ssoId;
+  String email;
+  String templateId;
+}
diff --git a/src/main/java/com/descope/model/tenant/response/GenerateTenantLinkResponse.java b/src/main/java/com/descope/model/tenant/response/GenerateTenantLinkResponse.java
@@ -0,0 +1,14 @@
+package com.descope.model.tenant.response;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class GenerateTenantLinkResponse {
+  String adminSSOConfigurationLink;
+}
diff --git a/src/main/java/com/descope/sdk/mgmt/TenantService.java b/src/main/java/com/descope/sdk/mgmt/TenantService.java
@@ -3,6 +3,7 @@
 import com.descope.exception.DescopeException;
 import com.descope.model.tenant.Tenant;
 import com.descope.model.tenant.TenantSettings;
+import com.descope.model.tenant.request.GenerateTenantLinkRequest;
 import com.descope.model.tenant.request.TenantSearchRequest;
 import java.util.List;
 import java.util.Map;
@@ -146,4 +147,22 @@ void update(String id, String name, List<String> selfProvisioningDomains, Map<St
    * @throws DescopeException in case of errors
    */
   void configureSettings(String id, TenantSettings settings) throws DescopeException;
+
+  /**
+   * Generate a link that can be used to configure SSO for the tenant.
+   *
+   * @param request The request object containing all necessary parameters
+   * @return A link that can be used to configure SSO for the tenant
+   * @throws DescopeException in case of errors
+   */
+  String generateSSOConfigurationLink(GenerateTenantLinkRequest request) throws DescopeException;
+
+  /**
+   * Revoke an existing SSO configuration link for the tenant.
+   *
+   * @param id Tenant ID
+   * @param ssoID The SSO ID for which the link should be revoked
+   * @throws DescopeException in case of errors
+   */
+  void revokeSSOConfigurationLink(String id, String ssoID) throws DescopeException;
 }
diff --git a/src/main/java/com/descope/sdk/mgmt/impl/TenantServiceImpl.java b/src/main/java/com/descope/sdk/mgmt/impl/TenantServiceImpl.java
@@ -2,9 +2,11 @@
 
 import static com.descope.literals.Routes.ManagementEndPoints.CREATE_TENANT_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.DELETE_TENANT_LINK;
+import static com.descope.literals.Routes.ManagementEndPoints.GENERATE_SSO_CONFIGURATION_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.GET_TENANT_SETTINGS_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.LOAD_ALL_TENANTS_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.LOAD_TENANT_LINK;
+import static com.descope.literals.Routes.ManagementEndPoints.REVOKE_SSO_CONFIGURATION_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.TENANT_SEARCH_ALL_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.UPDATE_TENANT_LINK;
 import static com.descope.utils.CollectionUtils.addIfNotNull;
@@ -15,7 +17,9 @@
 import com.descope.model.client.Client;
 import com.descope.model.tenant.Tenant;
 import com.descope.model.tenant.TenantSettings;
+import com.descope.model.tenant.request.GenerateTenantLinkRequest;
 import com.descope.model.tenant.request.TenantSearchRequest;
+import com.descope.model.tenant.response.GenerateTenantLinkResponse;
 import com.descope.model.tenant.response.GetAllTenantsResponse;
 import com.descope.proxy.ApiProxy;
 import com.descope.sdk.mgmt.TenantService;
@@ -181,6 +185,42 @@ public void configureSettings(String id, TenantSettings settings) throws Descope
     apiProxy.post(configureSettingsUri(), req, Void.class);
   }
 
+  @Override
+  public String generateSSOConfigurationLink(GenerateTenantLinkRequest request) throws DescopeException {
+    if (request == null) {
+      request = GenerateTenantLinkRequest.builder().build();
+    }
+
+    if (StringUtils.isBlank(request.getTenantId())) {
+      throw ServerCommonException.invalidArgument("tenantId");
+    }
+
+    Map<String, Object> req = mapOf("tenantId", request.getTenantId());
+    addIfNotNull(req, "expireTime", request.getExpireDuration());
+    addIfNotNull(req, "ssoId", request.getSsoId());
+    addIfNotNull(req, "email", request.getEmail());
+    addIfNotNull(req, "templateId", request.getTemplateId());
+    
+    URI generateSSOConfigurationLinkUri = generateSSOConfigurationLinkUri();
+    ApiProxy apiProxy = getApiProxy();
+    GenerateTenantLinkResponse response = apiProxy.post(
+        generateSSOConfigurationLinkUri, req, GenerateTenantLinkResponse.class);
+    return response.getAdminSSOConfigurationLink();
+  }
+
+  @Override
+  public void revokeSSOConfigurationLink(String tenantId, String ssoID) throws DescopeException {
+    if (StringUtils.isBlank(tenantId)) {
+      throw ServerCommonException.invalidArgument("tenantId");
+    }
+
+    Map<String, Object> req = mapOf("tenantId", tenantId, "ssoId", ssoID);
+
+    URI revokeSSOConfigurationLinkUri = revokeSSOConfigurationLinkUri();
+    ApiProxy apiProxy = getApiProxy();
+    apiProxy.post(revokeSSOConfigurationLinkUri, req, Void.class);
+  }
+
   private URI composeCreateTenantUri() {
     return getUri(CREATE_TENANT_LINK);
   }
@@ -212,4 +252,12 @@ private URI getSettingsUri(String id) {
   private URI configureSettingsUri() {
     return getUri(GET_TENANT_SETTINGS_LINK);
   }
+
+  private URI generateSSOConfigurationLinkUri() {
+    return getUri(GENERATE_SSO_CONFIGURATION_LINK);
+  }
+
+  private URI revokeSSOConfigurationLinkUri() {
+    return getUri(REVOKE_SSO_CONFIGURATION_LINK);
+  }
 }
diff --git a/src/test/java/com/descope/sdk/mgmt/impl/FGAServiceImplTest.java b/src/test/java/com/descope/sdk/mgmt/impl/FGAServiceImplTest.java
@@ -1,19 +1,11 @@
 package com.descope.sdk.mgmt.impl;
 
-import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FGA_CHECK;
-import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FGA_CREATE_RELATIONS;
-import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FGA_DELETE_RELATIONS;
-import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FGA_LOAD_SCHEMA;
-import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FGA_RESOURCES_LOAD;
-import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FGA_RESOURCES_SAVE;
-import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FGA_SAVE_SCHEMA;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.lenient;
-import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -30,7 +22,6 @@
 import com.descope.proxy.impl.ApiProxyBuilder;
 import com.descope.sdk.TestUtils;
 import com.descope.sdk.mgmt.FGAService;
-import com.descope.sdk.mgmt.impl.ManagementServiceBuilder;
 import com.fasterxml.jackson.core.type.TypeReference;
 import java.io.IOException;
 import java.nio.file.Files;
@@ -94,6 +85,7 @@ void testSaveSchema_EmptyDSL() {
     assertThrows(ServerCommonException.class, () -> fgaService.saveSchema(schema));
   }
 
+  @SuppressWarnings("unchecked")
   @Test
   void testLoadSchema_Success() throws Exception {
     Map<String, Object> response = new HashMap<>();
@@ -145,6 +137,7 @@ void testDeleteRelations_Success() throws Exception {
     }
   }
 
+  @SuppressWarnings("unchecked")
   @Test
   void testCheck_Success() throws Exception {
     List<FGARelation> relations = Arrays.asList(
@@ -169,6 +162,7 @@ void testCheck_Success() throws Exception {
     }
   }
 
+  @SuppressWarnings("unchecked")
   @Test
   void testLoadResourcesDetails_Success() throws Exception {
     List<FGAResourceIdentifier> identifiers = Arrays.asList(
diff --git a/src/test/java/com/descope/sdk/mgmt/impl/TenantServiceImplTest.java b/src/test/java/com/descope/sdk/mgmt/impl/TenantServiceImplTest.java
@@ -18,7 +18,9 @@
 import com.descope.model.client.Client;
 import com.descope.model.tenant.Tenant;
 import com.descope.model.tenant.TenantSettings;
+import com.descope.model.tenant.request.GenerateTenantLinkRequest;
 import com.descope.model.tenant.request.TenantSearchRequest;
+import com.descope.model.tenant.response.GenerateTenantLinkResponse;
 import com.descope.model.tenant.response.GetAllTenantsResponse;
 import com.descope.proxy.ApiProxy;
 import com.descope.proxy.impl.ApiProxyBuilder;
@@ -259,6 +261,16 @@ void testFunctionalFullCycle() {
     tenants = tenantService.searchAll(tenantSearchRequest);
     assertThat(tenants).isEmpty();
 
+    GenerateTenantLinkRequest generateTenantLinkRequest = GenerateTenantLinkRequest.builder()
+        .tenantId(tenantId)
+        .expireDuration(60 * 60 * 24)
+        .build();
+      
+    String link = tenantService.generateSSOConfigurationLink(generateTenantLinkRequest);
+    assertThat(link).isNotBlank();
+
+    tenantService.revokeSSOConfigurationLink(tenantId, "");
+
     tenantSettings.setJitDisabled(true);
     tenantSettings.setAuthType(TenantAuthType.OIDC);
     tenantService.configureSettings(tenantId, tenantSettings);
@@ -268,4 +280,102 @@ void testFunctionalFullCycle() {
     assertThat(tenantSettings.getAuthType()).isEqualTo(TenantAuthType.OIDC);
     tenantService.delete(tenantId);
   }
+
+  @Test
+  void testGenerateSSOConfigurationLinkForEmptyParams() {
+    ServerCommonException thrown = assertThrows(ServerCommonException.class, () 
+        -> tenantService.generateSSOConfigurationLink(GenerateTenantLinkRequest.builder()
+          .tenantId("")
+          .expireDuration(0)
+          .ssoId("")
+          .email("")
+          .templateId("")
+          .build()));
+    assertNotNull(thrown);
+    assertEquals("The tenantId argument is invalid", thrown.getMessage());
+  }
+
+  @Test
+  void testGenerateSSOConfigurationLinkForSuccess() {
+    GenerateTenantLinkResponse mockResponse = GenerateTenantLinkResponse.builder()
+        .adminSSOConfigurationLink("some link")
+        .build();
+
+    ApiProxy apiProxy = mock(ApiProxy.class);
+
+    doReturn(mockResponse).when(apiProxy).post(any(), any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+          () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      String response = tenantService.generateSSOConfigurationLink(
+          GenerateTenantLinkRequest.builder()
+            .tenantId("tenant")
+            .expireDuration(60 * 60 * 24)
+            .ssoId("")
+            .email("")
+            .templateId("")
+            .build());
+
+      assertThat(response).isEqualTo("some link");
+      verify(apiProxy, times(1)).post(any(), any(), any());
+    }
+  }
+
+  @Test
+  void testGenerateSSOConfigurationLinkWithSSOIdForSuccess() {
+    GenerateTenantLinkResponse mockResponse = GenerateTenantLinkResponse.builder()
+        .adminSSOConfigurationLink("some link")
+        .build();
+
+    ApiProxy apiProxy = mock(ApiProxy.class);
+
+    doReturn(mockResponse).when(apiProxy).post(any(), any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+          () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      String response = tenantService.generateSSOConfigurationLink(
+          GenerateTenantLinkRequest.builder()
+            .tenantId("tenant")
+            .expireDuration(60 * 60 * 24)
+            .ssoId("bla")
+            .email("a@a.com")
+            .templateId("template-id")
+            .build());
+
+      assertThat(response).isEqualTo("some link");
+      verify(apiProxy, times(1)).post(any(), any(), any());
+    }
+  }
+
+  @Test
+  void testRevokeSSOConfigurationLinkForEmptyParams() {
+    ServerCommonException thrown = assertThrows(ServerCommonException.class, () ->
+        tenantService.revokeSSOConfigurationLink("", ""));
+    assertNotNull(thrown);
+    assertEquals("The tenantId argument is invalid", thrown.getMessage());
+  }
+
+  @Test
+  void testRevokeSSOConfigurationLinkForSuccess() {
+    ApiProxy apiProxy = mock(ApiProxy.class);
+    doReturn(void.class).when(apiProxy).post(any(), any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+          () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      tenantService.revokeSSOConfigurationLink("tenant", ""); 
+      verify(apiProxy, times(1)).post(any(), any(), any());
+    }
+  }
+
+  @Test
+  void testRevokeSSOConfigurationLinkWithSSOIdForSuccess() {
+    ApiProxy apiProxy = mock(ApiProxy.class);
+    doReturn(void.class).when(apiProxy).post(any(), any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+          () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      tenantService.revokeSSOConfigurationLink("tenant", "bla"); 
+      verify(apiProxy, times(1)).post(any(), any(), any());
+    }
+  }
 }
